Информационная безопасность
[RU] switch to English


Уязвимости безопасности в ActiveX Microsoft Access
Опубликовано:14 июля 2010 г.
Источник:
SecurityVulns ID:10992
Тип:клиент
Уровень опасности:
7/10
Описание:Различные повреждения памяти.
Затронутые продукты:MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE:CVE-2010-1881 (The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability.")
 CVE-2010-0814 (The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability.")
Оригинальный текстdocumentZDI, ZDI-10-117: Microsoft Office Access AccWizObjects ActiveX Control Uninitialized Imports Remote Code Execution Vulnerability (14.07.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-044 - Critical Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335) (14.07.2010)
Файлы:Microsoft Security Bulletin MS10-044 - Critical Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород